I’ve recently had money stolen from my card, and managed to get it back thanks to Revolut. Thanks!
But I am still thinking how it happened. Somebody obviously skimmed my card somehow.
I am thinking that one of the things that might have happened is that someone recorded with a camera (they’re everywhere now) both sides of my card, and thus gained access to both the card number, expiry date, and the CVV. That is enough to make online purchases, which is how the fraudulent transaction happened.
Which brings me to this idea for making the card slightly more safe: don’t print any numbers on the card. Not the card number, not the CVV, not the expiry date, nothing. Just have the chip there.
The card is a debit card and not a credit card. They cannot swipe it in one of those ancient machines that used to do carbon copies of receipts. The embossed number is a leftover of that past. It is something we need to know when shopping online, for example, but it also exists in the app, where it is much safer. We simply don’t need it on the card.
I know magstrip is the most common method, but having two cameras, to record both the front and the back would work too. The reason why I suspect the latter was the case with me is because cloned cards can be used at ATMs, making the perpetrators hard to catch, if they mask their faces. My fraudulent transaction was on a web shop. That leaves more trace, so I don’t think it’s the preferred method.
In some situations, like restaurants in the US, it is still pretty common to hand a waiter the card. Both ways of “skimming” are possible here, and with the CVC, there is no PIN needed for online payments.
Statistics show that fraudsters seem to focus on chip + PIN transactions after the US finally jumped onto that train. I also think that 3DS is a better way to deal with this than not printing numbers on cards. But the initial post mentions fraudulent online transactions. If that is true, the fraudster more likely obtained the CVC than the PIN.
Yes. That might change since more and more baks issue non-embossed cards. Even real credit cards from major US banks are flat without anything than a name on the front.
As I said. Embossed cards are still useful. Rare but very useful in those situations.
Imagine you guaranteed with a card your stay in a hotel on a remote island in the middle of pacific.
At check out time you have a bill of 4 nights + other things you consumed.
The problem is that due to a storm there’s no internet/ electricity.
What you do? I used that old method in November. Without I would be stacked at least few hours more
With online payments not the card number is the problem.
The problem is lack of 3D secure !
I can give you my bank card number, CVC and expiration date. You can’t do anything. Non 3D secure payments are limited to 0. And you can’t get through 3D secure.
That’s the thing :r: should do for card security. Not fashion numberless cards.
Guys, 3D secure is a major pain in the ass. Most of my online payments are small, I do a lot of them, and the fact that I have to fire up my bank token app (btw my bank only introduced app tokens a year ago, they used to be a piece of plastic I had to drag around. Some banks STILL don’t have it on mobile), switch between the two apps (token and the one I am paying in) multiple times so I enter the challenge correctly and then copy the response correctly – is a hassle and wastes a lot of my time. Not to mention that there are also “remote island” scenarios there… what if your phone was stolen or lost and you are in a foreign country trying to buy yourself a plane ticket online to get out of there. No phone? Tough luck, no ticket then.
Oh yeah… and the 3DS stuff is usually some strange iframe or popup that doesn’t even work correctly on mobile half the time.
I appreciate that the design can be nice, but I think I’m not the only one who doesn’t like the idea of losing access to a big part of my card functionality by losing my phone. I travel a lot (that’s why I got Revolut in the first place), and the danger of my phone being lost or stolen is very real. For that same reason I don’t have two-factor authentication on my Gmail either, just a very very (very) complicated password.
It’s just that this is controlled mainly by the merchant. Some online stores won’t work if your card does not offer 3DS. And 3DS does not affect functionality of card present transactions. So a good compromise would be to have 3DS for physical cards while relying on virtual cards for online payments.
There is a type of card readers where you need to give the card to the person, which puts the card into the card reader and there is a separate device to enter the pin code which is reachable for the customers. I don’t like the idea of giving my card with sensitive information to the other hands, even if I have never lost money in that way. I don’t think that cvc number is necessary on the card and it could be removed, security measure similar to the 2FA would be a nice thing to have IMO.
Everyone says N26 3DS is pretty good, but I was never able to use it. It immediately crashes the app on my iPhone when I click to accept a 3ds request. Already tried everything, including installing the app on an iPad to no avail.
Regarding the security of cards, I really like that Revolut doesn’t paint the numbers as it makes it harder for someone to film or photograph them. This is the opposite of the N26 card, transparent with the numbers in black. Especially when you have a light source below such as when touching an nfc terminal, it’s pretty easy to have a camera capturing the numbers
